NeXT 3.3 vs openssh-2.5.1p1 (Couldn't restore privileges)

Tim Rice tim at multitalents.net
Tue Feb 27 10:45:23 EST 2001


On Mon, 26 Feb 2001, Damien Miller wrote:

> On Sun, 25 Feb 2001, Tim Rice wrote:
> 
> > See uidswap.c
> >
> > Have a look at this patch. It might work (it does run) but
> > it might be doing the wrong thing security wise.
> > I came up with this after looking at uidswap.c
> >
> > For SCO 3 and NeXT,
> > #define SAVED_IDS_DO_NOT_WORK_WITH_SETEUID
> 
> Can you give this patch a try?

This works on SCO 3 except you have it backwards on which platforms
should have SAVED_IDS_WORK_WITH_SETEUID defined.

*-next-*) and *-*-sco3.2v4*) are the only ones that should NOT have
SAVED_IDS_WORK_WITH_SETEUID defined. All others (so far) should.

And those platforms that do have it defined will get warning messages like
"src/uidswap.c", line 32: warning: macro redefined: SAVED_IDS_WORK_WITH_SETEUID

> 
> Index: ChangeLog
> ===================================================================
> RCS file: /var/cvs/openssh/ChangeLog,v
> retrieving revision 1.822
> diff -u -r1.822 ChangeLog
> --- ChangeLog	2001/02/25 23:20:40	1.822
> +++ ChangeLog	2001/02/26 09:43:57
> @@ -1,5 +1,7 @@
>  20010226
>   - (bal) Fixed bsd-snprinf.c so it now honors 'BROKEN_SNPRINTF' again.
> + - (djm) Some systems (SCO3, NeXT) have weird saved uid semantics.
> +   Based on patch from Tim Rice <tim at multitalents.net>
> 
>  20010225
>   - (djm) Use %{_libexecdir} rather than hardcoded path in RPM specfile
> Index: acconfig.h
> ===================================================================
> RCS file: /var/cvs/openssh/acconfig.h,v
> retrieving revision 1.103
> diff -u -r1.103 acconfig.h
> --- acconfig.h	2001/02/24 21:41:10	1.103
> +++ acconfig.h	2001/02/26 09:43:57
> @@ -296,6 +296,9 @@
>  /* Define if X11 doesn't support AF_UNIX sockets on that system */
>  #undef NO_X11_UNIX_SOCKETS
> 
> +/* Needed for SCO and NeXT */
> +#undef SAVED_IDS_WORK_WITH_SETEUID
> +
>  @BOTTOM@
> 
>  /* ******************* Shouldn't need to edit below this line ************** */
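
Review bot: The comment added above `#undef SAVED_IDS_WORK_WITH_SETEUID` ("Needed for SCO and NeXT") does not say what the macro asserts, and it reads against the macro's name, since the ChangeLog entry in this same patch describes SCO3 and NeXT as the systems with weird saved uid semantics. Suggest stating the condition instead, for example "Define if seteuid() can switch back to the saved uid", so it is clear from acconfig.h alone which platforms should define it.
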
> Index: configure.in
> ===================================================================
> RCS file: /var/cvs/openssh/configure.in,v
> retrieving revision 1.253
> diff -u -r1.253 configure.in
> --- configure.in	2001/02/24 21:41:11	1.253
> +++ configure.in	2001/02/26 09:43:57
> @@ -152,6 +152,7 @@
>  	AC_DEFINE(HAVE_NEXT)
>  	AC_DEFINE(BROKEN_REALPATH)
>  	AC_DEFINE(USE_PIPES)
> +	AC_DEFINE(SAVED_IDS_WORK_WITH_SETEUID)
>  	CPPFLAGS="$CPPFLAGS -I/usr/local/include"
>  	CFLAGS="$CFLAGS"
>  	;;
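
Review bot: The `AC_DEFINE(SAVED_IDS_WORK_WITH_SETEUID)` added in the branch that also defines `HAVE_NEXT` looks inverted relative to the entropy.c change in this patch. There, `#ifdef SAVED_IDS_WORK_WITH_SETEUID` selects the original seteuid()-only code and the `#else` branch holds the new setuid()/seteuid() fallback, so defining the macro here keeps NeXT on the old path while every platform without the define gets the fallback. Either define the macro on the platforms where seteuid() works and leave it undefined here, or rename it to the negative sense and flip the `#ifdef` in entropy.c.
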
> @@ -238,6 +239,7 @@
>  	AC_DEFINE(HAVE_SCO_PROTECTED_PW)
>  	AC_DEFINE(DISABLE_SHADOW)
>  	AC_DEFINE(HAVE_BOGUS_SYS_QUEUE_H)
> +	AC_DEFINE(SAVED_IDS_WORK_WITH_SETEUID)
>  	AC_CHECK_FUNCS(getluid setluid)
>  	;;
>  *-*-sco3.2v5*)
> @@ -252,6 +254,7 @@
>  	AC_DEFINE(HAVE_SCO_PROTECTED_PW)
>  	AC_DEFINE(DISABLE_SHADOW)
>  	AC_DEFINE(HAVE_BOGUS_SYS_QUEUE_H)
> +	AC_DEFINE(SAVED_IDS_WORK_WITH_SETEUID)
>  	AC_CHECK_FUNCS(getluid setluid)
>  	;;
>  *-dec-osf*)
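
Review bot: The define added before `AC_CHECK_FUNCS(getluid setluid)` in this hunk appears to sit in the `*-*-sco3.2v5*)` case, whose label closes the previous hunk, yet the reply above lists only `*-next-*)` and `*-*-sco3.2v4*)` as the targets that need different handling. Please confirm whether sco3.2v5 belongs in the same group as sco3.2v4; if it does not, this case should end up on the opposite side of the macro from the other two.
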
> Index: entropy.c
> ===================================================================
> RCS file: /var/cvs/openssh/entropy.c,v
> retrieving revision 1.29
> diff -u -r1.29 entropy.c
> --- entropy.c	2001/02/18 11:34:32	1.29
> +++ entropy.c	2001/02/26 09:43:57
> @@ -825,13 +825,34 @@
>  	prng_seed_saved = 0;
> 
>  	/* Give up privs while reading seed file */
> +#ifdef SAVED_IDS_WORK_WITH_SETEUID
>  	if ((original_uid != original_euid) && (seteuid(original_uid) == -1))
>  		fatal("Couldn't give up privileges");
> +#else /* SAVED_IDS_WORK_WITH_SETEUID */
> +	/*
> +	 * Propagate the privileged uid to all of our uids.
> +	 * Set the effective uid to the given (unprivileged) uid.
> +	 */
> +	if (original_uid != original_euid && setuid(original_euid) == -1 ||
> +	    seteuid(original_uid) == -1)
> +		fatal("Couldn't give up privileges");
> +#endif /* SAVED_IDS_WORK_WITH_SETEUID */
> 
>  	prng_read_seedfile();
> 
> +#ifdef SAVED_IDS_WORK_WITH_SETEUID
>  	if ((original_uid != original_euid) && (seteuid(original_euid) == -1))
>  		fatal("Couldn't restore privileges");
> +#else /* SAVED_IDS_WORK_WITH_SETEUID */
> +	/*
> +	 * We are unable to restore the real uid to its unprivileged value.
> +	 * Propagate the real uid (usually more privileged) to effective uid
> +	 * as well.
> +	 */
> +	if (original_uid != original_euid && seteuid(original_euid) == -1 ||
> +	    setuid(original_uid) == -1)
> +		fatal("Couldn't restore privileges");
> +#endif /* SAVED_IDS_WORK_WITH_SETEUID */
> 
>  	fatal_add_cleanup(prng_seed_cleanup, NULL);
>  	atexit(prng_write_seedfile);
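
Review bot: Both new `#else` conditions mix `&&` and `||` without parentheses, unlike the fully parenthesized `#ifdef` lines beside them. `original_uid != original_euid && setuid(original_euid) == -1 || seteuid(original_uid) == -1` parses as `(a && b) || c`, so the second call runs even when `original_uid == original_euid`, and in the restore block `setuid(original_uid)` runs immediately after a successful `seteuid(original_euid)`. If both calls are meant to be guarded by the uid comparison, write `a && (b || c)`. The comment in the restore block also does not match the code under it: it describes propagating the real uid to the effective uid, while the code ends with `setuid(original_uid)`, which on a system where setuid() from a privileged effective uid sets every uid would leave the process unprivileged rather than restored. Please state the intended end state and make the comment and the "Couldn't restore privileges" message agree with it.
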
> 
> 
> 

-- 
Tim Rice				Multitalents	(707) 887-1469
tim at multitalents.net







More information about the openssh-unix-dev mailing list